CentosFedoraLinuxWebserver

Protect PHP Installation with Suhosin Security Patch in CentOS

Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination. The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.

Installing Suhosin Patch using Source Code

First install  php-devel package and then download latest version of suhosin patchusing wget command and unpack it.

# yum install php-devel
# wget http://download.suhosin.org/suhosin-0.9.33.tgz
# tar -xvf suhosin-0.9.33.tgz

Now following next commands to compile suhosin patch for php installation.

# cd suhosin-0.9.33
# phpize
# ./configure
# make
# make install

Create the suhosin configuration file by adding suhosin extension to it.

# echo 'extension=suhosin.so' > /etc/php.d/suhosin.ini

Restart the web server ApacheNginx or Lighttpd.

# service httpd restart
# service nginx restart
# service lighttpd restart

Installing Suhosin Patch using EPEL repository

First, turn on EPEL repo and type the following yum command to install the same:

# yum install php-devel
# yum install php-suhosin

Restart the web server ApacheNginx or Lighttpd.

# service httpd restart
# service nginx restart
# service lighttpd restart

Verify Suhosin Patch

Type the following command to verify suhosin installation.

# php -v

Screenshot from 2013-04-23 23:35:19
To find out more information about suhosin patch create the following file under your web server root directory. For example, (/var/www/html/).

# vi phpinfo.php

Add the following lines to it.

Now try to access the page using any web browser and type http://youripaddress/info.php. You will see below screen.

Screenshot from 2013-04-23 23:37:48

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close
Close